1. SAML, XACML & the Terrorism Information Sharing Environment “Interoperable Trust Networks” XML Community of Practice February 16, 2005 Martin Smith Program Manager for IT Information Sharing DHS CIO Office

2. 2/16/20052 The Information-Sharing Environment: Vision of EO 13356 EO 13356, Aug 27, 2004, called for “ establishment of an interoperable terrorism information sharing environment to facilitate automated sharing of terrorism information ” Interagency group in homeland-security mission space (OMB Chair, DHS, IC, DOD, DOJ, others) delivered recommendations to President 12/24/2004 Vision was a National shared information-sharing “environment”, based on SOA “Environment”, not “network”: boundary defined by flexible access control

3. 2/16/20053 Access-Control Requirements “Federated” to support common pool of credentials, roles, permissions with distributed maintenance –“harvest” existing trust relationships at Federal, regional and local levels Fine-grained: for this application, need accountability to individual person and individual transaction –sharing requires control –comprehensive audit capability Beyond RBAC, to ABAC and PBAC

4. Implication: look to converging Liberty Alliance/SAML architecture Source: Liberty Identity System Role in securing Web Services Slava Kavsan, Chief Technologist RSA Security Inc.

5. 2/16/20055 Key XML Standard: Security Assertion Markup Language (SAML) Basis for exchanging detailed info (credentials, attributes, preferences) to support access decisions Architecture includes federation capability Standardization status - - –02-Sept-2003: SAML V1.1 approved as an OASIS Standard. –16-Feb-2005: Voting begins on approval of SAML V2.0 specifications and schemas as OASIS Standard. Ballot closes 28-Feb-2005 –SAML V1.1 not backwardly compatible with V1.0

6. Policy-based Access Control Metadata on the Content Environment (Threat Level = Orange) Metadata on the User Policy Authority (Rules Engine) Directory Policy Authority Business Rules: If Data:classification <= User:clearance And User:duty = “Intelligence Analyst” And ( Data:us_citizen = “No” OR User:employer NOT= “CIA” OR Env:Threat_Level = “Red”) Then Grant Access classification = “Secret” us_citizen = “Yes” Access Decision

7. More on PBAC Framework to determine appropriate distribution (mandatory access control and need-to-know), required to automate access decisions –Three sources of data (about the content; about the requestor; about the environment or situation) plus policy rule-set –Key assertion: the distribution decision is not made by the data custodian –“Separation of concerns”: originator is expert on the content; directory holds user credentials and roles; policy is created by management Benefits of implementing the model for the sharing environment –Order-of-magnitude gain in speed, cost & consistency of decisions –Instant, consistent response to changes in environment or in policy –Can be implemented gradually, via “refer to human decision” option –Superior alternative to originator control, can be enforced via digital rights management technologies –Automated process can provide full audit, data for process improvement

8. Key XML Standard: Extensible Access- Control Markup Language (XACML) Supports greatly increased complexity of access-control decisions: capable of applying “business rules” and not just roles –“provide a method for basing an authorization decision on attributes of the subject and resource.” –designed to be used by “policy decision points” in Liberty/SAML architecture Not the only policy language, but leading contender for access-control application –access control ~= digital rights management Standardization status - - – XACML 2.0 and all the associated profiles approved as OASIS Standards on 1 February 2005 – eXtensible Access Control Markup Language (XACML) Version 1.0 OASIS Standard, 18 February 2003